wordpress wordpress 1.1.1 vulnerabilities and exploits
7.2
CVSSv3
CVE-2022-1538
Theme Demo Import WordPress plugin prior to 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.
Themely Theme Demo Import
5.4
CVSSv3
CVE-2023-4821
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin prior to 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
Codedropz Drag And Drop Multiple File Uploader
6.1
CVSSv3
CVE-2021-25107
The Form Store to DB WordPress plugin prior to 1.1.1 does not sanitise and escape parameter keys before outputting them back in the created entry, allowing an unauthenticated malicious user to perform Cross-Site Scripting attacks against an admin.
Accesspressthemes Form Store To Db
6.1
CVSSv3
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin prior to 3.3.0 for WordPress allows remote malicious users to inject arbitrary JavaScript via the yr parameter.
Sunnythemes Spiffy Calendar 3.0.8
Sunnythemes Spiffy Calendar 3.0.7
Sunnythemes Spiffy Calendar 3.0.0
Sunnythemes Spiffy Calendar 2.1.3
Sunnythemes Spiffy Calendar 1.2.0
Sunnythemes Spiffy Calendar 1.1.8
Sunnythemes Spiffy Calendar 1.1.2
Sunnythemes Spiffy Calendar 1.1.1
Sunnythemes Spiffy Calendar 3.1.3
Sunnythemes Spiffy Calendar 3.1.2
Sunnythemes Spiffy Calendar 3.0.4
Sunnythemes Spiffy Calendar 3.0.3
Sunnythemes Spiffy Calendar 2.1.0
Sunnythemes Spiffy Calendar 2.0.1
Sunnythemes Spiffy Calendar 1.1.5
Sunnythemes Spiffy Calendar 2.0.0
Sunnythemes Spiffy Calendar 1.0.3
Sunnythemes Spiffy Calendar 1.0.1
Sunnythemes Spiffy Calendar 3.1.1
Sunnythemes Spiffy Calendar 3.1.0
Sunnythemes Spiffy Calendar 3.0.2
Sunnythemes Spiffy Calendar 3.0.1
4.8
CVSSv3
CVE-2022-0703
The GD Mylist WordPress plugin up to and including 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Gd-mylist Project Gd-mylist
7.2
CVSSv3
CVE-2023-2492
The QueryWall: Plug'n Play Firewall WordPress plugin up to and including 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Querywall Plug'n Play Firewall Project Querywall Plug'n Play Firewall
7.2
CVSSv3
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin up to and including 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as ...
Solvercircle Wp Icommerce
NA
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin prior to 1.8.7 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
Ajaydsouza Contextual Related Posts 1.8.1
Ajaydsouza Contextual Related Posts 1.8
Ajaydsouza Contextual Related Posts 1.6.3
Ajaydsouza Contextual Related Posts 1.6.2
Ajaydsouza Contextual Related Posts 1.4
Ajaydsouza Contextual Related Posts 1.3.1
Ajaydsouza Contextual Related Posts 1.8.5
Ajaydsouza Contextual Related Posts 1.8.4
Ajaydsouza Contextual Related Posts 1.7.1
Ajaydsouza Contextual Related Posts 1.7
Ajaydsouza Contextual Related Posts 1.5.2
Ajaydsouza Contextual Related Posts 1.5.1
Ajaydsouza Contextual Related Posts 1.5
Ajaydsouza Contextual Related Posts 1.2.1
Ajaydsouza Contextual Related Posts 1.2
Ajaydsouza Contextual Related Posts 1.8.3
Ajaydsouza Contextual Related Posts 1.8.2
Ajaydsouza Contextual Related Posts 1.6.5
Ajaydsouza Contextual Related Posts 1.6.4
Ajaydsouza Contextual Related Posts 1.4.2
Ajaydsouza Contextual Related Posts 1.4.1
Ajaydsouza Contextual Related Posts 1.1.1
NA
CVE-2014-2333
Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin prior to 1.1.21 for WordPress allows remote malicious users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.
Marcel Brinkkemper Lazyest-gallery
Marcel Brinkkemper Lazyest-gallery 1.1.16
Marcel Brinkkemper Lazyest-gallery 1.1.15
Marcel Brinkkemper Lazyest-gallery 1.1.9.1
Marcel Brinkkemper Lazyest-gallery 1.1.9
Marcel Brinkkemper Lazyest-gallery 1.1.3.3
Marcel Brinkkemper Lazyest-gallery 1.1.3.2
Marcel Brinkkemper Lazyest-gallery 1.1.18
Marcel Brinkkemper Lazyest-gallery 1.1.17.4
Marcel Brinkkemper Lazyest-gallery 1.1.12
Marcel Brinkkemper Lazyest-gallery 1.1.11
Marcel Brinkkemper Lazyest-gallery 1.1.7.1
Marcel Brinkkemper Lazyest-gallery 1.1.7
Marcel Brinkkemper Lazyest-gallery 1.1.6
Marcel Brinkkemper Lazyest-gallery 1.1.2.1
Marcel Brinkkemper Lazyest-gallery 1.1.1.1
Marcel Brinkkemper Lazyest-gallery 1.1.19.1
Marcel Brinkkemper Lazyest-gallery 1.1.19
Marcel Brinkkemper Lazyest-gallery 1.1.14
Marcel Brinkkemper Lazyest-gallery 1.1.13
Marcel Brinkkemper Lazyest-gallery 1.1.8.1
Marcel Brinkkemper Lazyest-gallery 1.1.8
5.4
CVSSv3
CVE-2021-24301
The Hotjar Connecticator WordPress plugin up to and including 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exp...
Bluemedicinelabs Hotjar Connecticator